Add API endpoint for token associations
What does this MR do and why?
I've added a new API endpoint to enumerate token associations. That is: groups and projects the authenticated user can access.
At Security Operations, we developed our own in-house tool, Token Scoper, to analyse token associations (group and project memberships) in order to speed up the response to exposed token incidents and assess impact more efficiently.
As part of our dogfooding efforts within the division, we want to integrate the Token Scoper within the product. This can be done by creating a new API endpoint that would return the same information the Token Scoper would for a given personal / project / group access token.
Related to: #466046 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Create a Personal Access Token
- Run:

  ```shell
  curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/self/associations"
  ```
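
An added example, not part of this MR or of GitLab's code: a small triage helper that calls the endpoint from the validation step and summarises the result for an exposed-token incident. The response shape is an assumption, since the MR description does not show it: top-level `groups` and `projects` lists whose items carry `full_path`, `path_with_namespace` and `visibility`. `fetch_associations` and `impact_report` are hypothetical names.

```python
import json
import urllib.request

ENDPOINT = "/api/v4/personal_access_tokens/self/associations"  # path from the MR

def fetch_associations(base_url, token):
    """Call the endpoint with the token under investigation; return parsed JSON."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT,
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def impact_report(body):
    """Summarise what a token can reach. Field names are assumed, see lead-in."""
    rows = []
    for kind, path_key in (("group", "full_path"),
                           ("project", "path_with_namespace")):
        for item in body.get(kind + "s") or []:  # tolerate missing or null lists
            rows.append({"kind": kind,
                         "path": item.get(path_key) or "",
                         "visibility": item.get("visibility", "unknown")})
    # Non-public resources first: reading them is not possible without the token.
    # Unknown visibility is treated as non-public so it is never under-reported.
    rows.sort(key=lambda r: (r["visibility"] == "public", r["kind"], r["path"]))
    non_public = sum(1 for r in rows if r["visibility"] != "public")
    # Top-level namespaces tell the responder which owners to notify.
    namespaces = sorted({r["path"].split("/")[0] for r in rows if r["path"]})
    return {"total": len(rows), "non_public": non_public,
            "namespaces": namespaces, "rows": rows}

# Constructed sample body, not real output from GitLab.
SAMPLE = json.loads("""
{"groups": [
   {"id": 10, "full_path": "acme/platform", "visibility": "private"},
   {"id": 11, "full_path": "acme/docs", "visibility": "public"}],
 "projects": [
   {"id": 100, "path_with_namespace": "acme/platform/deploy", "visibility": "private"},
   {"id": 101, "path_with_namespace": "acme/docs/site", "visibility": "public"},
   {"id": 102, "path_with_namespace": "tools/billing", "visibility": "internal"}]}
""")

if __name__ == "__main__":
    report = impact_report(SAMPLE)
    print("%(total)d resources, %(non_public)d non-public" % report)
    print("namespaces to notify:", ", ".join(report["namespaces"]))
    for r in report["rows"]:
        print("  %-8s %-10s %s" % (r["kind"], r["visibility"], r["path"]))
```

To run it against a live instance, pass the result of `fetch_associations(base_url, token)` to `impact_report` instead of `SAMPLE`.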